Virtually any major web application that is accessible today uses tokens to authenticate a user requesting access to the application/API. The use of tokens allows a user to access multiple servers after only a single login, rather than having to log into each server that the user attempts to access. However, user identity tokens can be used in a manner contrary to their purpose at least in part because they do not identify certain attributes associated with their use, such as whether a token is used by an authorized device, application, network, etc.